This invention relates generally to the control of access to electronically provided services and more particularly to the control of access to such services using tokens such as plastic cards.
An example of such a service is the dispensing of cash by an automatic teller machine (ATM). Access to facilities provided by the ATM are typically controlled by requiring a user to present a personalised plastic card carrying data on a magnetic stripe to a card reader associated with the ATM. The user is required to key in a personal identification number (PIN) which is used by the system to access data in the card which together with data held in the system relating to the user enables the system to determine whether the requested transaction should be authorised.
The principle has been considerably extended to many types of transactions including the purchase of goods in retail outlets, access to processes on computer networks and the provision of stockbroking services. As the sophistication of the services has increased so has the need for increased flexibility and security in the control of access. For example, it is important that providers of smart card services through retail tills/terminals or ATM""s are assured that such services may only be accessed by authorised end-users with a valid card, at a valid till and, where appropriate, under the control of an authorised sales assistant or other operator. It is also desirable to provide an audit trail for each transaction to facilitate the detection of fraud and the settlement of any dispute that may arise from the transaction.
An improved form of plastic card, called the smart card, has recently been developed which by incorporating within it active data processing and storage facilities provides enhanced security and flexibility.
It is an object of the present invention to provide a method of controlling access to electronically provided services and a system for implementing such a method which provides improved security and flexibility. A preferred embodiment enables advantage to be taken of the facilities provided by smart cards.
According to the invention there is provided a method for controlling access to an electronically provided service comprising the steps of storing one or more application modules, which permit such a service to be delivered, in encrypted form so as to be accessible only under the control of a decryption key and, in response to a request for access to a particular service initiated by presentation of a token by a user, developing a decryption key from token data read from said token together with personal data provided by the user to provide access to the requested service by decryption of the associated application module.
According to a second aspect of the invention there is provided a system for controlling access to an electronically provided service comprising means for storing one or more application modules, which permit such service or services to be delivered, in encrypted form so as to be accessible only under the control of a decryption key, token reading means for accepting a token presented to the system by a user requiring access to a particular service or services, data receiving means for receiving personal data relating to the user, and a key generator adapted to combine data stored in said token with data received by said data receiving means to generate a decryption key to provide access to the requested service.
In a typical system the personal data relating to the user will be a personal identification (PIN) number in which case the data receiving means will be a simple keypad. However in a more advanced system the data may be developed from biometric data read by a reader adapted to recognise particular facial or other characteristics of the user such as fingerprint or hand geometry.
In order to provide an audit trail there may also be developed, at the same time as the generation of the encryption key, data identifying the end user, the card used and any operator involved, together with the date of the transaction and any other information required to establish an audit trail.
The system is preferably organised to operate under the control of an object orientated (OO) programming language and the services are stored in the form of encrypted object orientated xe2x80x9cappletsxe2x80x9d.
In a number of applications, particularly where transactions are performed in association with an operator or operators, it is desirable to make provision for access to processes according to the level of authority delegated to the operator or operators involved. In one embodiment of the invention, a set of applications is made available to all operators of check-out tills in a retail environment whilst a further set of applications is available only to supervisors. In another embodiment of the invention different sets of applets may be decrypted according to the authority of an operator as identified when the operator logs on to a particular terminal. In such a system a hierarchy of access levels may be established by associating with each applet a level of access accessible only to operators or users able to satisfy the system that they have authority to access that particular process.
In a preferred system embodying the invention provision is made for accepting smart cards. Advantage is taken of the processing and storage facilities available on the card to perform the key generation on the card itself and, where sufficient processing capacity is available, the decryption itself. The dynamic generation of the decryption key on the smart card provides the considerable security advantage that the personal information on the card relating to the user need never leave the card. Moreover further security advantages may be obtained by generating a key, or set of keys representative of a user""s personal level of authority to access particular services, obviating the need to maintain a separate list of operators and their access authorities. Prior systems requiring such a list are vulnerable to breaches of security if such a list is tampered with.